Refactor uninstallation process

Author: mohamed-essam

Dockerfile.kubectl

@@ -0,0 +1,10 @@
+FROM alpine:3 AS builder
+
+RUN apk update && apk add curl
+RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" && \
+    chmod +x kubectl && \
+    mv kubectl /usr/local/bin/kubectl
+
+FROM alpine:3 AS final
+
+COPY --from=builder /usr/local/bin/kubectl /usr/local/bin/kubectl

cmd/main.go

@@ -294,16 +294,6 @@ func main() {
 		}
 
 		if enableWebhooks {
-			if err = webhooknetbirdiov1.SetupNBResourceWebhookWithManager(mgr); err != nil {
-				setupLog.Error(err, "unable to create webhook", "webhook", "NBResource")
-				os.Exit(1)
-			}
-
-			if err = webhooknetbirdiov1.SetupNBRoutingPeerWebhookWithManager(mgr); err != nil {
-				setupLog.Error(err, "unable to create webhook", "webhook", "NBRoutingPeer")
-				os.Exit(1)
-			}
-
 			if err = webhooknetbirdiov1.SetupNBGroupWebhookWithManager(mgr); err != nil {
 				setupLog.Error(err, "unable to create webhook", "webhook", "NBGroup")
 				os.Exit(1)

helm/kubernetes-operator/templates/nbpolicies.yaml

@@ -8,6 +8,8 @@ metadata:
   labels:
     app.kubernetes.io/component: operator
     {{- include "kubernetes-operator.labels" $ | nindent 4 }}
+  annotations:
+    helm.sh/resource-policy: keep
   name: {{ $k }}
 spec:
   name: {{ $v.name }}

helm/kubernetes-operator/templates/nbroutingpeers.yaml

@@ -10,6 +10,8 @@ metadata:
   labels:
     app.kubernetes.io/component: operator
     {{- include "kubernetes-operator.labels" $ | nindent 4 }}
+  annotations:
+    helm.sh/resource-policy: keep
   name: router
   namespace: {{ $k }}
 {{ $spec := merge $defaults $v }}
@@ -51,6 +53,8 @@ metadata:
   labels:
     app.kubernetes.io/component: operator
     {{- include "kubernetes-operator.labels" $ | nindent 4 }}
+  annotations:
+    helm.sh/resource-policy: keep
   name: router
 {{- if or (or (or .replicas .resources) (or .labels .annotations)) (or .nodeSelector .tolerations) }}
 spec:

helm/kubernetes-operator/templates/pre-delete.yaml

@@ -1,69 +1,41 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: {{ include "kubernetes-operator.fullname" . }}-delete-routers
-  labels:
-    app.kubernetes.io/component: operator
-    {{- include "kubernetes-operator.labels" . | nindent 4 }}
-  annotations:
-    helm.sh/hook: pre-delete
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-spec:
-  backoffLimit: 3
-  template:
-    metadata:
-      name: {{ include "kubernetes-operator.fullname" . }}
-      labels:
-        app.kubernetes.io/component: operator
-        {{- include "kubernetes-operator.labels" . | nindent 8 }}
-        {{- with .Values.operator.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      containers:
-      - name: pre-delete
-        image: "bitnami/kubectl:latest"
-        args:
-        - delete
-        - --all
-        - -A
-        - --cascade=foreground
-        - --ignore-not-found
-        - NBRoutingPeer
-      serviceAccountName: {{ include "kubernetes-operator.serviceAccountName" . }}
-      restartPolicy: Never
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: {{ include "kubernetes-operator.fullname" . }}-delete-policies
-  labels:
-    app.kubernetes.io/component: operator
-    {{- include "kubernetes-operator.labels" . | nindent 4 }}
-  annotations:
-    helm.sh/hook: pre-delete
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-spec:
-  backoffLimit: 3
-  template:
-    metadata:
-      name: {{ include "kubernetes-operator.fullname" . }}
-      labels:
-        app.kubernetes.io/component: operator
-        {{- include "kubernetes-operator.labels" . | nindent 8 }}
-        {{- with .Values.operator.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      containers:
-      - name: pre-delete
-        image: "bitnami/kubectl:latest"
-        args:
-        - delete
-        - --all
-        - --cascade=foreground
-        - --ignore-not-found
-        - NBPolicy
-      serviceAccountName: {{ include "kubernetes-operator.serviceAccountName" . }}
-      restartPolicy: Never
----
+{{/*apiVersion: batch/v1*/}}
+{{/*kind: Job*/}}
+{{/*metadata:*/}}
+{{/*  name: {{ include "kubernetes-operator.fullname" . }}-delete-router-deployments*/}}
+{{/*  labels:*/}}
+{{/*    app.kubernetes.io/component: operator*/}}
+{{/*    {{- include "kubernetes-operator.labels" . | nindent 4 }}*/}}
+{{/*  annotations:*/}}
+{{/*    helm.sh/hook: pre-delete*/}}
+{{/*    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded*/}}
+{{/*spec:*/}}
+{{/*  backoffLimit: 3*/}}
+{{/*  template:*/}}
+{{/*    metadata:*/}}
+{{/*      name: {{ include "kubernetes-operator.fullname" . }}*/}}
+{{/*      labels:*/}}
+{{/*        app.kubernetes.io/component: operator*/}}
+{{/*        {{- include "kubernetes-operator.labels" . | nindent 8 }}*/}}
+{{/*        {{- with .Values.operator.podLabels }}*/}}
+{{/*        {{- toYaml . | nindent 8 }}*/}}
+{{/*        {{- end }}*/}}
+{{/*    spec:*/}}
+{{/*      containers:*/}}
+{{/*      - name: pre-delete*/}}
+{{/*        image: "netbirdio/kubectl:latest"*/}}
+{{/*        imagePullPolicy: {{ .Values.operator.image.pullPolicy }}*/}}
+{{/*        command:*/}}
+{{/*          - sh*/}}
+{{/*          - -c*/}}
+{{/*        args:*/}}
+{{/*          - kubectl get NBRoutingPeer -A --no-headers -o custom-columns=NAMESPACE:.metadata.namespace,NAME:.metadata.name | while read "L"; do kubectl patch --type=json -p '[{"op":"replace","path":"/spec/disableDeployment","value":true}]' NBRoutingPeer -n $(echo "$L" | awk '{print $1}') $(echo "$L" | awk '{print $2}'); done*/}}
+{{/*      - name: delete-wait*/}}
+{{/*        image: "netbirdio/kubectl:latest"*/}}
+{{/*        imagePullPolicy: {{ .Values.operator.image.pullPolicy }}*/}}
+{{/*        command:*/}}
+{{/*          - sh*/}}
+{{/*          - -c*/}}
+{{/*        args:*/}}
+{{/*          - kubectl get NBRoutingPeer -A --no-headers -o custom-columns=NAMESPACE:.metadata.namespace,NAME:.metadata.name | while read "L"; do kubectl wait --for=delete deployment -n $(echo "$L" | awk '{print $1}') $(echo "$L" | awk '{print $2}'); done*/}}
+{{/*      serviceAccountName: {{ include "kubernetes-operator.serviceAccountName" . }}*/}}
+{{/*      restartPolicy: Never*/}}

helm/kubernetes-operator/templates/webhook.yaml

@@ -96,84 +96,6 @@ webhooks:
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
-{{- if $.Values.webhook.enableCertManager }}
-  annotations:
-    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ template "kubernetes-operator.fullname" . }}-serving-cert
-{{- end }}
-  name: {{ include "kubernetes-operator.fullname" . }}-vnbresource-webhook
-  labels:
-    {{- include "kubernetes-operator.labels" . | nindent 4 }}
-webhooks:
-- clientConfig:
-    {{- if not $.Values.webhook.enableCertManager }}
-    caBundle: {{ $tls.caCert }}
-    {{ end }}
-    service:
-      name: {{ template "kubernetes-operator.webhookService" . }}
-      namespace: {{ $.Release.Namespace }}
-      path: /validate-netbird-io-v1-nbresource
-  failurePolicy: {{ .Values.webhook.failurePolicy }}
-  name: vnbresource-v1.netbird.io
-  admissionReviewVersions:
-  - v1
-  {{- if .Values.webhook.namespaceSelectors }}
-  namespaceSelector:
-    matchExpressions:
-    {{ toYaml .Values.webhook.namespaceSelectors | nindent 4 }}
-  {{ end }}
-  rules:
-  - apiGroups:
-    - netbird.io
-    apiVersions:
-    - v1
-    operations:
-    - DELETE
-    resources:
-    - "nbresources"
-  sideEffects: None
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
-{{- if $.Values.webhook.enableCertManager }}
-  annotations:
-    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ template "kubernetes-operator.fullname" . }}-serving-cert
-{{- end }}
-  name: {{ include "kubernetes-operator.fullname" . }}-vnbroutingpeer-webhook
-  labels:
-    {{- include "kubernetes-operator.labels" . | nindent 4 }}
-webhooks:
-- clientConfig:
-    {{- if not $.Values.webhook.enableCertManager }}
-    caBundle: {{ $tls.caCert }}
-    {{ end }}
-    service:
-      name: {{ template "kubernetes-operator.webhookService" . }}
-      namespace: {{ $.Release.Namespace }}
-      path: /validate-netbird-io-v1-nbroutingpeer
-  failurePolicy: {{ .Values.webhook.failurePolicy }}
-  name: vnbroutingpeer-v1.netbird.io
-  admissionReviewVersions:
-  - v1
-  {{- if .Values.webhook.namespaceSelectors }}
-  namespaceSelector:
-    matchExpressions:
-    {{ toYaml .Values.webhook.namespaceSelectors | nindent 4 }}
-  {{ end }}
-  rules:
-  - apiGroups:
-    - netbird.io
-    apiVersions:
-    - v1
-    operations:
-    - DELETE
-    resources:
-    - "nbroutingpeers"
-  sideEffects: None
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
 {{- if $.Values.webhook.enableCertManager }}
   annotations:
     cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ template "kubernetes-operator.fullname" . }}-serving-cert

helm/kubernetes-operator/values.yaml

@@ -147,42 +147,6 @@ ingress:
     # - group2
     policies: []
     # - default
-  router:
-    # Deploy routing peer(s)
-    enabled: false
-    # replicas: 3
-    # resources:
-    #   requests:
-    #     cpu: 100m
-    #     memory: 100Mi
-    #   limits:
-    #     cpu: 100m
-    #     memory: 100Mi
-    # labels: {}
-    # annotations: {}
-    # nodeSelector: {}
-    # tolerations: []
-    # Only needed if namespacedNetworks is set to true
-    namespaces: {}
-      # default:
-        # replicas: 3
-        # resources:
-        #   requests:
-        #     cpu: 100m
-        #     memory: 100Mi
-        #   limits:
-        #     cpu: 100m
-        #     memory: 100Mi
-        # labels: {}
-        # annotations: {}
-        # nodeSelector: {}
-        # tolerations: []
-  # NetBird Policies for use with exposed services
-  policies: {}
-    # default:
-    #   name: Kubernetes Default Policy
-    #   sourceGroups:
-    #   - All
 
 cluster:
   # Cluster DNS name (used for webhooks certificates and for network resource DNS names)

helm/operator-config/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm/operator-config/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: operator-config
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.0
+appVersion: "0.0.0"

helm/operator-config/templates/_helpers.tpl

@@ -0,0 +1,33 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "operator-config.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "operator-config.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "operator-config.labels" -}}
+helm.sh/chart: {{ include "operator-config.chart" . }}
+{{ include "operator-config.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "operator-config.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "operator-config.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}